General
-
Target
tmp
-
Size
95KB
-
Sample
221003-erch7aghan
-
MD5
68afed1fdc812019d4f646f919025657
-
SHA1
d323a21f90c5d94ede89dbf4af56565c4673baa7
-
SHA256
5196aacf00f1f252962a14acf7e7f50680f52deaaa1e1d4d7850306e8211495a
-
SHA512
f605524ee87c66daf6e3fc588b66c9a66035753343cbcedf91c7b8fce6b0c58eafa36502fb0a237ee17c5ac7c52b80e808f60756935b81799d22edf65cbbe46b
-
SSDEEP
1536:9HqsyEq76ElbG6jejoigIY43Ywzi0Zb78ivombfexv0ujXyyed2O3tmulgS6pM:91r+68YY+zi0ZbYe1g0ujyzdMM
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
cheat
simplmizer.duckdns.org:61614
Targets
-
-
Target
tmp
-
Size
95KB
-
MD5
68afed1fdc812019d4f646f919025657
-
SHA1
d323a21f90c5d94ede89dbf4af56565c4673baa7
-
SHA256
5196aacf00f1f252962a14acf7e7f50680f52deaaa1e1d4d7850306e8211495a
-
SHA512
f605524ee87c66daf6e3fc588b66c9a66035753343cbcedf91c7b8fce6b0c58eafa36502fb0a237ee17c5ac7c52b80e808f60756935b81799d22edf65cbbe46b
-
SSDEEP
1536:9HqsyEq76ElbG6jejoigIY43Ywzi0Zb78ivombfexv0ujXyyed2O3tmulgS6pM:91r+68YY+zi0ZbYe1g0ujyzdMM
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-